CVSSv2 4.3

CVE-2015-3224

Published: 26/07/2015 Updated: 03/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

request.rb in Web Console prior to 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote malicious users to bypass the whitelisted_ips protection mechanism via a crafted request.
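The summary above describes a client-IP check that can be fooled because the server trusts a header the client controls. The following Ruby is an added illustration of that defect class and its usual mitigation; it is not web-console's request.rb, and the method names, the whitelist, the trusted-proxy range and the sample request hashes are all constructed for this example. The naive variant takes the first X-Forwarded-For entry at face value, so any peer can claim a whitelisted address. The hardened variant starts from the TCP peer address and consults X-Forwarded-For only when that peer is a known reverse proxy, walking the chain from the right and skipping trusted proxy hops.

```ruby
require 'ipaddr'

# Naive: trusts whatever the client put in X-Forwarded-For. Any client can
# set this header, so a whitelist checked against this value is bypassable.
def naive_remote_ip(env)
  forwarded = env['HTTP_X_FORWARDED_FOR']
  return forwarded.split(',').first.strip if forwarded && !forwarded.empty?
  env['REMOTE_ADDR']
end

# Hardened: start from the TCP peer (REMOTE_ADDR). Only when that peer is a
# trusted reverse proxy do we look at X-Forwarded-For, and then we walk it
# from the right (the hop appended by the proxy nearest to us), skipping
# trusted proxy addresses, and take the first address we do not trust.
def trusted_remote_ip(env, trusted_proxies)
  proxies = trusted_proxies.map { |cidr| IPAddr.new(cidr) }
  # Unparseable addresses are treated as untrusted rather than raising.
  trusted = ->(ip) { proxies.any? { |p| p.include?(IPAddr.new(ip)) } rescue false }

  peer = env['REMOTE_ADDR']
  return peer unless trusted.call(peer)

  hops = env['HTTP_X_FORWARDED_FOR'].to_s.split(',').map(&:strip).reject(&:empty?)
  hops.reverse_each do |hop|
    return hop unless trusted.call(hop)
  end
  # Every hop was a trusted proxy (or the header was empty): fall back to the peer.
  peer
end

# Whitelist check; an unparseable candidate address is never allowed.
def ip_allowed?(ip, whitelist)
  whitelist.any? { |cidr| IPAddr.new(cidr).include?(IPAddr.new(ip)) }
rescue IPAddr::InvalidAddressError
  false
end

# Constructed configuration (hypothetical values, not from the project).
WHITELIST       = ['127.0.0.0/8', '10.0.0.0/8'].freeze
TRUSTED_PROXIES = ['192.168.1.0/24'].freeze

# Constructed request 1: an untrusted peer spoofs a loopback address.
SPOOFED_ENV = {
  'REMOTE_ADDR'          => '203.0.113.5',
  'HTTP_X_FORWARDED_FOR' => '127.0.0.1'
}.freeze

# Constructed request 2: a legitimate internal client behind two trusted
# proxies (192.168.1.20 forwarded to 192.168.1.10, which connected to us).
PROXIED_ENV = {
  'REMOTE_ADDR'          => '192.168.1.10',
  'HTTP_X_FORWARDED_FOR' => '10.0.0.7, 192.168.1.20'
}.freeze

# Constructed request 3: the spoof attempted through a trusted proxy, which
# appends the real peer address after the client-supplied value.
SPOOFED_VIA_PROXY_ENV = {
  'REMOTE_ADDR'          => '192.168.1.10',
  'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 203.0.113.5'
}.freeze

if __FILE__ == $PROGRAM_NAME
  [['spoofed', SPOOFED_ENV], ['proxied', PROXIED_ENV], ['spoofed via proxy', SPOOFED_VIA_PROXY_ENV]].each do |label, env|
    naive    = naive_remote_ip(env)
    hardened = trusted_remote_ip(env, TRUSTED_PROXIES)
    puts "#{label}: naive=#{naive} (allowed=#{ip_allowed?(naive, WHITELIST)}) " \
         "hardened=#{hardened} (allowed=#{ip_allowed?(hardened, WHITELIST)})"
  end
end
```

With the spoofed request the naive check resolves the client to 127.0.0.1 and passes the whitelist, while the hardened check resolves it to the real peer 203.0.113.5 and rejects it; the proxied request still resolves to the genuine internal client 10.0.0.7. The essential rule is that X-Forwarded-For is only meaningful when the connection arrived from a proxy you control, and only the hops beyond your own proxies are attacker-influenced.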

Vulnerable Product

rubyonrails web console

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' ...

Github Repositories

CVE-2015-3224

CVE-2015-3224 - just a stupid version for CVE-2015-3224; for web console, need to set up a web server for ptypy

Modification of Metasploit module for RCE in Ruby-On-Rails Console CVE-2015-3224

CVE-2015-3224 Ruby-On-Rails Web Console RCE. What is this? This is a metasploit module for Metasploit. I already have this module. Yes, this is packaged into metasploit. But with that module you can't get arbitrary command execution; I mean, you can only establish reverse/bind shell payloads with it. I needed to execute commands right to the shell, so I modified the metaspl

JWT create token with HS256 + public key (pem): jwt.rb link
Apache Struts2 S2-045: s02-045.txt
CVE-2015-3224: ruby-on-rails-web-console2-rce.rb
Werkzeug DEBUG: Werkzeug RCE import subprocess; subprocess.call(["payload"]);
Unickle: Pickle python injection pickle